Add STSAFE-A120 Support

[dgarske]

Add STSAFE-A120 Support via STSELib

Description

This PR adds support for the ST STSAFE-A120 secure element using the open-source STSELib SDK. The STSAFE-A120 is ST's latest secure element with enhanced cryptographic capabilities and is the successor to the STSAFE-A100/A110 series.

Changes

Files Modified:

• wolfcrypt/src/port/st/stsafe.c - Added STSAFE-A120/STSELib implementation
• wolfssl/wolfcrypt/port/st/stsafe.h - Added type abstractions and curve mappings
• wolfcrypt/src/wc_port.c - Updated STSAFE initialization
• wolfcrypt/src/port/st/README.md - Added documentation

Features

• True Random Number Generation (TRNG) - Hardware RNG for seeding wolfSSL's RNG
• ECC Key Generation - P-256 and P-384 key pair generation in secure element
• ECDSA Sign/Verify - Hardware-accelerated ECDSA operations
• ECDH Shared Secret - Elliptic curve Diffie-Hellman key exchange
• Device Certificate - Read X.509 certificates from secure storage
• Crypto Callbacks - Full integration with wolfSSL's crypto callback mechanism

Configuration

Enable with:

#define WOLFSSL_STSAFEA120Optional defines:
#define USE_STSAFE_RNG_SEED    /* Use STSAFE for RNG seeding */
#define WOLF_CRYPTO_CB         /* Enable crypto callbacks */
#define STSAFE_I2C_BUS 1       /* I2C bus number (default: 1) */

Dependencies

• STSELib - ST Secure Element Library (BSD-3-Clause)
  • Available from: https://github.com/STMicroelectronics/STSELib
  • Requires platform abstraction layer implementation

API Compatibility

The new implementation maintains API compatibility with the existing STSAFE-A100 code:

• stsafe_interface_init() - Initialize device
• wolfSSL_STSAFE_CryptoDevCb() - Crypto callback handler
• SSL_STSAFE_* callback functions for TLS integration

Testing

Tested on Raspberry Pi 5 with STSAFE-A120 connected via I2C:

• Echo command ✅
• Random number generation ✅
• ECC P-256 key generation ✅
• ECC P-384 key generation ✅
• ECDSA P-256 sign/verify ✅
• ECDSA P-384 sign/verify ✅
• Crypto callback integration ✅

Performance (Raspberry Pi 5)

Operation	Time
ECC P-256 KeyGen	~40 ms
ECDSA P-256 Sign	~51 ms
ECDSA P-256 Verify	~79 ms
RNG (256 bytes)	<1 ms

Notes

• The STSELib uses conditional compilation for ECC curves via stse_conf.h
• Curve ID values in stsafe.h depend on which curves are enabled in stse_conf.h
• Default configuration enables NIST P-256 and P-384

Related

• STSELib: https://github.com/STMicroelectronics/STSELib
• STSAFE-A120 Datasheet: https://www.st.com/en/secure-mcus/stsafe-a120.html
• Example / Tests: Example for ST-SAFE A120 wolfssl-examples#553

ZD 20780

[devin-ai-integration]

🛟 Devin Lifeguard found 3 likely issues in this PR

• check-all-return-codes snippet: Capture the return value of stsafe_interface_init() in wolfCrypt_Init and, if it is non-zero, propagate or handle the error (e.g., ret = stsafe_interface_init(); if (ret != 0) return ret;).
• no-memory-leaks snippet: After copying the shared secret, add XFREE(sharedSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER); (and similarly free other SDK-allocated buffers such as pubX/pubY, signature, readBuf, echo_resp) before the function returns.
• limit-stack-usage snippet: Replace large local buffers (e.g., sigRS, pubKeyX, pubKeyY in SSL_STSAFE_VerifyPeerCertCb) with heap allocations under the WOLFSSL_SMALL_STACK pattern, freeing them before return.

@dgarske
please take a look at the above issues which Devin flagged. Devin will not fix these issues automatically.

[dgarske]

Jenkins retest this please: "AgentOfflineException"

[JacobBarthelmeh]

Instead of 0x30, 0x81, and 0x82 use ASN_SEQUENCE | ASN_CONSTRUCTED and the ASN length values. If this is hard set to avoid needed NO_ASN not defined then please add comments as to what the values are here.

[JacobBarthelmeh]

Magic number here of 223.

[JacobBarthelmeh]

There should be bounds checks here on r_length and s_length before use. It's unlikely that the ST function will return invalid or unexpected data with a status_code return of STSAFE_A_OK but better to have a sanity check.

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[dgarske]

Jenkins retest this please: "AgentOfflineException"

[Copilot]

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated 4 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The macro STSAFEA_EPHEMERAL_KEY_USAGE_LIMIT is used but never defined anywhere in the codebase. This will cause a compilation error. This should likely be a numeric literal (e.g., 255) or defined as a macro in the header file.

[Copilot]

This code block uses A120-specific types (stse_ReturnCode_t) and functions (stse_generate_ecc_key_pair) without #ifdef WOLFSSL_STSAFEA120 guards. This will cause compilation errors when building with WOLFSSL_STSAFEA100 defined. The entire block from lines 1854-1892 should be wrapped in #ifdef WOLFSSL_STSAFEA120 ... #else ... #endif to provide appropriate implementation for both A100 and A120.

[Copilot]

The magic number 255 for usage_limit should be defined as a named constant (e.g., STSAFE_PERSISTENT_KEY_USAGE_LIMIT) for better code maintainability and consistency. This same value should be used throughout the codebase where applicable.

[Copilot]

The variable key_sz is declared but only used within the STSAFE-A120 specific code path at line 1881. This variable declaration should be moved inside the A120-specific #ifdef block (after adding the missing guards) to avoid unused variable warnings.

Suggested change

	byte ephemeralPubKey[STSAFE_MAX_PUBKEY_RAW_LEN];
	int key_sz = stsafe_get_key_size(curve_id);
	byte ephemeralPubKey[STSAFE_MAX_PUBKEY_RAW_LEN];
	#ifdef WOLFSSL_STSAFEA120
	int key_sz = stsafe_get_key_size(curve_id);
	#endif

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.